NETTLE: A LANGUAGE FOR CONFIGURING BGP NETWORKS

Author: Valentine Ford
Andreas Voellmy
OGST - April 7, 2009

Prof. Dr. Otto Wilhelm Thomé, Flora von Deutschland, Österreich und der Schweiz. 1885, Gera, Germany


BGP: FLEXIBLE & DANGEROUS!



BGP is the Internet’s interdomain routing protocol. It is designed to be flexible and to allow networks to express a variety of policies.



This flexibility also makes BGP complex, and misconfiguration is common: Mahajan et al. estimate that 50% of network outages are due to misconfigurations.



Furthermore, BGP routers typically play a crucial role in a network’s connectivity, and misconfiguration can have serious consequences.


Wow, AS7007!

From: Stephen A Misel
Date: Fri Apr 25 13:20:40 1997

I happened to be in one of our 7505 routers this afternoon when POP -- all of a sudden most of the internet disappeared! I immediately thought it was me, but looked around and saw this AS7007 broadcasting MY routes! It wasn't for all of our network space -- We have several /18's here, and it seemed only the first /24 of each CIDR was affected. When I found a workstation at the end of the /18, we got the whois info for 7007 - Florida Internet Exchange, and called them. They claimed to have a customer broadcasting some bad routing information and unplugged their router. A few moments later, the internet stabilized and I started seeing real routes.

Correct me if I'm wrong, but:

(1) We're going to read about this in EVERY computer magazine, newspaper and TV as "the end of the internet?"

(2) Access lists by backbone providers *should* have prevented this.

(3) Does or does not the RADB and other routing registries (MCI's, etc) prevent this? I bet this hole will be patched up real soon!

Steve

DSL’S TO THE RESCUE!

Our overall goal is to help operators configure BGP according to their intentions, reducing misconfigurations and improving productivity.



Domain-specific languages (DSLs) help programmers construct correct programs by providing a language that matches the way domain experts think about their domain.



A domain-specific embedded language (DSEL) is a DSL embedded in a host language; this technique reduces the cost of implementation and allows the DSL to inherit the general features of the host language.



We have built Nettle, a DSEL in Haskell, in which BGP configurations for a whole network can be described, and a compiler which translates a Nettle program into router configuration files for the eXtensible Open Router Platform (XORP).

BGP KNOBS AND CONTROLS

• BGP provides lots of “controls” and “knobs”

• Nettle makes those “controls” available in Haskell

• We can now compose “controls” to make new “controls”

THIS TALK

• Intro to BGP: understanding BGP’s “controls”.

• Intro to Nettle: how we embed BGP’s controls in Haskell.

• Three examples: defining high-level controls.

COMPUTER NETWORKS

• A computer network consists of a set of nodes, each having an address, and a set of links connecting nodes.

• Forwarding is the process of sending packets to the next hop node.

• Routing is the process that establishes the paths along which forwarded packets flow.

• Routing results in each node having a forwarding table.

Destination    Outgoing interface
A              1
B              2
C              2

FORWARDING ON THE INTERNET



IP addresses are 32-bit values, typically written as 4 bytes, as in a.b.c.d.



An address prefix is written a.b.c.d/e and denotes a subset of IP addresses.



Forwarding is by the “longest match”, i.e. most specific

Prefix         Outgoing interface
0.0.0.0/0      1
1.1.0.0/16     2
1.1.1.0/24     3

Address        Longest Match
1.2.0.0        0.0.0.0/0
1.1.2.0        1.1.0.0/16
1.1.1.2        1.1.1.0/24
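The longest-match rule from the tables above, as an added example that is not code from the talk or from Nettle. It goes one step beyond the slide to show why a leaked, more specific /24 pulls traffic away from a covering /18 (the pattern described in the AS7007 email) and how to flag such announcements. The 10.20.0.0 prefixes, AS numbers 64500 and 64501, and the function names are constructed for illustration.

```python
import ipaddress

# Forwarding table from the slide: prefix -> outgoing interface.
SLIDE_TABLE = {"0.0.0.0/0": 1, "1.1.0.0/16": 2, "1.1.1.0/24": 3}

# Constructed routing view (not from the talk): a legitimate /18 from one
# origin AS plus a leaked, more specific /24 from another origin AS.
LEAK_VIEW = {"10.20.0.0/18": 64500, "10.20.0.0/24": 64501}


def longest_match(table, address):
    """Return (prefix, value) of the most specific matching entry, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return None if best is None else (str(best[0]), best[1])


def unexpected_more_specifics(owned, announcements):
    """List announcements inside an owned prefix whose origin AS differs."""
    hits = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        for own_prefix, own_as in owned.items():
            if net.subnet_of(ipaddress.ip_network(own_prefix)) and origin != own_as:
                hits.append((prefix, origin, own_prefix))
    return hits


if __name__ == "__main__":
    for address in ("1.2.0.0", "1.1.2.0", "1.1.1.2"):
        print(address, "->", longest_match(SLIDE_TABLE, address))
    # Start of the /18 follows the leaked /24; the end of the /18 does not.
    for address in ("10.20.0.9", "10.20.63.1"):
        print(address, "->", longest_match(LEAK_VIEW, address))
    print(unexpected_more_specifics({"10.20.0.0/18": 64500}, list(LEAK_VIEW.items())))
```
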

INTERNET PHYSICAL INFRASTRUCTURE

• Residential access: Cable, Fiber, DSL, Wireless

• Campus access, e.g., Ethernet, Wireless

[Diagram labels: Backbone ISP, ISP, ISP]

Peer-to-peer relationship

mutually agree to exchange traffic between their respecti